WordPress Responsive Addons for Elementor Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.4; Fixed in: 1.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52358; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5e0984c9c585; Credits: Khalid Yusuf; Required...
WordPress Smooth Maps Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Smooth Maps; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51901; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7ae7d310b6c4; Credits: SOPROBRO; Required privilege: Contributor...
WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software: Countdown Timer; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A3: Injection; Classification: Sensitive Data Exposure; CVE: CVE-2024-10669; Patch priority: Low; CVSS severity: Low (4.3); PSID: 97d2e3a5c021; Credits: Francesco Carlucci; Required privilege...
WordPress Landing Page Cat Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Landing Page Cat; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9226; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7a9da6507309; Credits: vgo0; Required...
WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Custom URL Shortener; Type: Plugin; Vulnerable versions: <= 0.3.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51930; Patch priority: Low; CVSS severity: Low (6.5); PSID: 721373a7389e; Credits: SOPROBRO; Required privilege...
izone Security Vulnerability
izone is a Django-based blogging project by the individual developer of Hopetree. A security vulnerability exists in izone, which stems from the pushurls and geturls functions in apps oolapisdpush.py containing a server-side request forgery...
WordPress Audio Record Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software: Audio Record; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51792; Patch priority: High; CVSS severity: High (10); PSID: 6342416d8183; Credits: stealthcopter; Required privilege: Unauthenticate...
Toll Tax Management System Security Vulnerability
Toll Tax Management System is a toll tax management system by the individual developer Carlo Montero. A security vulnerability exists in Toll Tax Management System version 1.0, which originates from a cross-site scripting vulnerability in the owner parameter of managerecipient.php...
WordPress Trendy Restaurant Menu Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Trendy Restaurant Menu; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51796; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5538c79e9ace; Credits: SOPROBRO; Required privilege...
WordPress News Ticker Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: News Ticker; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51830; Patch priority: Low; CVSS severity: Low (6.5); PSID: 31c1d84151aa; Credits: SOPROBRO; Required privilege: Contributor...
WordPress OSM – OpenStreetMap Plugin <= 6.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: OSM – OpenStreetMap; Type: Plugin; Vulnerable versions: <= 6.1.2; Fixed in: 6.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52355; Patch priority: Low; CVSS severity: Low (6.5); PSID: 68bca5f9bb55; Credits: Junwoo Kang; Required privilege...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template; Type: Plugin; Vulnerable versions: <= 1.6.45; Fixed in: 1.6.46; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10325; Patch priority: Low; CVSS severity: Low (5.9); PSID: 3bcf490aa26b...
WordPress WoW Guild Armory Roster Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WoW Guild Armory Roster; Type: Plugin; Vulnerable versions: <= 0.5.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51850; Patch priority: Low; CVSS severity: Low (6.5); PSID: 56dc451178b5; Credits: SOPROBRO; Required privilege...
WordPress Blocks Post Grid Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Blocks Post Grid; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51928; Patch priority: Low; CVSS severity: Low (6.5); PSID: c0aa1ee5be51; Credits: Gab; Required privilege: Contributor...
WordPress Awesome Fitness Testimonials Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Awesome Fitness Testimonials; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51806; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6dc5acf46761; Credits: SOPROBRO; Required privilege...
WordPress Text Advertisements Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Text Advertisements; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51879; Patch priority: Low; CVSS severity: Low (6.5); PSID: c4a6f56c833e; Credits: SOPROBRO; Required privilege: Contributo...
WordPress Horsemanager Plugin <= 1.3 is vulnerable to SQL Injection
Software: Horsemanager; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51843; Patch priority: Low; CVSS severity: Low (8.5); PSID: f1d36b40ea39; Credits: LVT-tholv2k; Required privilege: Contributor; Published: 8...
WordPress Social button Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Social button; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51866; Patch priority: Low; CVSS severity: Low (6.5); PSID: 3298adb5e8ae; Credits: SOPROBRO; Required privilege: Contributor...
Pixel Update Bulletin—November 2024
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2024-11-05 or later address all issues in this bulletin and all issues in the November 2024 Android...
CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...